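def dotransform(args):
    """Run nmap's ``http-csrf`` script against ip:port and emit one
    ``msploitego.CSFR`` entity per path the script reports, with the form id
    and form action attached as fields.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip`` and ``port`` (``name`` is not used).
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-csrf", ip)

    # Script output is line oriented: "Path:" starts a new entity, the other
    # two tags attach fields to the most recently started one.
    tags = ("Path", "Form id", "Form action")
    for scriptrun in rep.hosts[0].services[0].scripts_results:
        # A result without output used to raise on .split(); treat it as empty.
        output = scriptrun.get("output") or ""
        csrfentity = None
        for line in output.split("\n"):
            if not any(tag in line for tag in tags):
                continue
            # Everything after the first ":" is the data, colons included.
            tag, _, data = line.partition(":")
            tag = tag.lstrip()
            if tag == "Path":
                csrfentity = mt.addEntity("msploitego.CSFR", data)
                csrfentity.setValue(data)
            elif csrfentity is None:
                # "Form id"/"Form action" before any "Path": nothing to attach
                # to (this used to raise AttributeError on None).
                continue
            elif tag == "Form id":
                csrfentity.addAdditionalFields("formid", "Form ID", True, data)
            elif tag == "Form action":
                csrfentity.addAdditionalFields("formaction", "Form Action", True, data)

    mt.returnOutput()
    mt.addUIMessage("completed!")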
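def dotransform(args):
    """Run wpscan against ip:port and emit one ``msploitego.WordpressInfo``
    entity per ``[!] Title:`` bucket of its output, with the bucket's other
    lines attached as fields.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip`` and ``port`` (``hostid`` is not used).
    """
    import shlex  # local: this fragment's module imports are not visible here

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    # ip/port come from graph entities (i.e. from earlier scan output), not
    # from the operator. Quote them so a crafted value cannot add shell syntax
    # to the command line; for a plain address and port shlex.quote is a no-op.
    target = "{}:{}".format(shlex.quote(str(ip)), shlex.quote(str(port)))
    bashlog = bashrunner(
        "wpscan --url {} --enumerate p,u --no-banner --no-color".format(target))
    # Raw pattern: the previous non-raw "\[" relied on Python passing unknown
    # escapes through, which newer interpreters warn about.
    results = bucketparser(re.compile(r"^\[!\]\sTitle:\s", re.I), bashlog)

    for res in results:
        header = res.get("Header")
        if not header:
            continue
        header = sanitizefield(header)
        wpent = mt.addEntity("msploitego.WordpressInfo", header)
        wpent.setValue(header)
        for key, val in res.items():
            # "Header" is the bucket title, already used as the entity value.
            if not key or not key.strip() or key == "Header":
                continue
            key = sanitizefield(key)
            val = sanitizefield(val)
            if key and key.strip() and val and val.strip():
                wpent.addAdditionalFields(key, key.capitalize(), False, val)
    mt.returnOutput()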
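def dotransform(args):
    """Emit one ``maltego.Vulnerability`` entity per vulnerability recorded
    for the selected host in a Metasploit XML export.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``fromfile`` (the XML export), ``address``
    (the host to expand) and ``vulncount`` (nothing is emitted when it is 0).
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    host = MetasploitXML(fn).gethost(ip)

    # A missing or blank vulncount used to raise in int(); treat it as 0.
    vulncount = int(mt.getVar("vulncount") or 0)
    if vulncount > 0:
        for vuln in host.vulns:
            vulnent = mt.addEntity("maltego.Vulnerability", vuln.name)
            vulnent.setValue("{}/{}".format(vuln.name, host.address))
            vulnent.addAdditionalFields("refs", "References", False,
                                        ",".join(x.ref for x in vuln.refs))
            vulnent.addAdditionalFields("ipaddress", "IP Address", False,
                                        host.address)
            vulnent.addAdditionalFields("hostid", "Host ID", False, host.id)
            vulnent.addAdditionalFields("os", "OS Name", False, host.osname)

            # The vuln object iterates as (tag, value) pairs; only string
            # values are copied across as extra fields.
            for tag, val in vuln:
                if isinstance(val, str):
                    vulnent.addAdditionalFields(tag, tag.capitalize(), False,
                                                val)

    mt.returnOutput()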
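def dotransform(args):
    """Placeholder transform: parses its input and returns an empty response.

    The input entity is expected to carry ``ip``, ``port`` and ``hostid``;
    they are not read into unused locals here because nothing is emitted yet.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)

    mt.returnOutput()
    mt.addUIMessage("completed!")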
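def dotransform(args):
    """Placeholder transform: parses its input and returns an empty response.

    The input entity is expected to carry ``ip``, ``port`` and ``hostid``;
    they are not read into unused locals here because nothing is emitted yet.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)

    mt.returnOutput()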
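def dotransform(args):
    """Placeholder transform: parses its input and returns an empty response.

    The input entity is expected to carry a ``description`` field (a file
    name in the sibling transforms); it is not read into an unused local
    here because nothing is emitted yet.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)

    mt.returnOutput()
    mt.addUIMessage("completed!")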
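def dotransform(args):
    """Parse a user/group listing held in the ``data`` field and emit one
    ``msploitego.SambaUser`` or ``msploitego.SambaGroupInformation`` entity
    per line that names a ``DOMAIN\\name`` account.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``data`` (multi-line tool output).
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    # Raw patterns: the previous non-raw strings relied on Python passing
    # unknown escapes ("\[", "\s", "\w") through, which newer interpreters
    # warn about. The regexes themselves are unchanged.
    noise = re.compile(r"\[V\]\s|\[\+\]\s|\[i\]\s", re.I)  # tool status lines
    sidex = re.compile(r"^S-1-", re.I)                     # Windows SID
    namex = re.compile(r"^[\w\.]{2,}\\+[\w\.]{2,}")        # DOMAIN\name
    kindx = re.compile(r"group|user", re.I)

    # An absent ``data`` field used to raise on .replace(); treat it as empty.
    # Maltego doubles backslashes in field values, so DOMAIN\\name becomes
    # DOMAIN\name before matching.
    raw = mt.getVar("data") or ""
    for line in raw.replace("\\\\", "\\").split("\n"):
        if not line.strip() or noise.search(line):
            continue
        sid = name = typ = ""
        for token in line.split():
            if sidex.match(token):
                sid = token
            elif namex.match(token):
                name = token
            elif kindx.search(token):
                typ = token.strip(")")
        if not name:
            continue
        if typ.lower() == "group":
            entityname = "msploitego.SambaGroupInformation"
        else:
            entityname = "msploitego.SambaUser"
        sambauser = mt.addEntity(entityname, name)
        sambauser.setValue(name)
        sambauser.addAdditionalFields("sid", "Sid", False, sid)
        sambauser.addAdditionalFields("type", "Type", False, typ)
    mt.returnOutput()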
def dotransform(args):
    """List the workspaces of the Metasploit Postgres database named by the
    input entity, emitting one ``msploitego.MetasploitWorkspace`` each.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``user`` and ``password``; the entity value is
    the database name.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    # Backslashes are stripped from the password field before use
    # (presumably undoing escaping applied upstream — confirm).
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for workspace in mpost.getWorkspaces():
        wsname = workspace.get("name")
        wsentity = mt.addEntity("msploitego.MetasploitWorkspace", wsname)
        wsentity.setValue(wsname)
        wsentity.addAdditionalFields("workspaceid", "Workspace Id", False, str(workspace.get("id")))
        wsentity.addAdditionalFields("db", "Database", False, db)
        # Carry the input entity's fields (credentials included) down the graph.
        inheritvalues(wsentity, mt.values)
    mt.returnOutput()
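def dotransform(args):
    """Placeholder transform: parses its input and returns an empty response.

    The input entity is expected to carry a ``description`` field (a file
    name in the sibling transforms); it is not read into an unused local
    here because nothing is emitted yet.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)

    mt.returnOutput()
    mt.addUIMessage("completed!")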
def dotransform(args):
    """Emit entities for every web page and web form recorded for the selected
    host in a Metasploit XML export; ``setentity`` builds each entity.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``fromfile`` (the XML export) and ``address``
    (the host to expand).
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    host = MetasploitXML(fn).gethost(ip)
    # Pages first, then forms, in the order the export lists them.
    for item in host.webpages:
        setentity(mt, item)
    for item in host.webforms:
        setentity(mt, item)

    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Attach an empty ``msploitego.Note`` entity to the input entity.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    The note's value is ``Note:<input value>``; its ``note`` and ``link``
    fields start blank.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    label = "Note:{}".format(mt.getValue())
    noteent = mt.addEntity("msploitego.Note", label)
    noteent.setValue(label)
    for field, display in (("note", "Note"), ("link", "Link")):
        noteent.addAdditionalFields(field, display, False, "")
    # Carry the input entity's fields down the graph.
    inheritvalues(noteent, mt.values)
    mt.returnOutput()
def dotransform(args):
    """Open the input in the system browser: the ``localfile`` field when it
    names an existing path, otherwise the entity value when it is a valid URL.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Nothing is emitted; the response is empty either way.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    localfile = mt.getVar("localfile")
    if localfile:
        # Only paths that exist are opened; a stale field is silently ignored.
        if os.path.exists(localfile):
            webbrowser.open("file://{}".format(localfile))
    else:
        url = mt.getValue()
        # validators.url gates what reaches the browser; non-URLs are ignored.
        if validators.url(url):
            webbrowser.open(url)
    mt.returnOutput()
def dotransform(args):
    """Emit entities for every web page and web form recorded for the selected
    host in a Metasploit XML export; ``setentity`` builds each entity.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``fromfile`` (the XML export) and ``address``
    (the host to expand).
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    host = MetasploitXML(fn).gethost(ip)
    # Pages first, then forms, in the order the export lists them.
    for item in host.webpages:
        setentity(mt, item)
    for item in host.webforms:
        setentity(mt, item)

    mt.returnOutput()
def dotransform(args):
    """Emit one ``maltego.IPv4Address`` entity per host in the Metasploit XML
    export named by the ``description`` field, copying the host attributes
    listed in ``wanted`` as additional fields.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    wanted = (
        "name", "address", "servicecount", "osname", "state", "mac",
        "vulncount", "purpose", "osflavor", "osfamily", "notecount",
    )
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("description")
    mdb = MetasploitXML(fn)
    for host in mdb.hosts:
        hostentity = mt.addEntity("maltego.IPv4Address", host.address)
        hostentity.setValue(host.address)
        # Remember which export the host came from so child transforms can
        # reopen it.
        hostentity.addAdditionalFields("fromfile", "Source File", False, fn)
        present = host.getTags()
        # Iterate ``wanted`` rather than ``present`` so field order is stable.
        for etag in wanted:
            if etag in present:
                hostentity.addAdditionalFields(etag, etag, False,
                                               host.getVal(etag))
    mt.returnOutput()
    mt.addUIMessage("completed!")
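def dotransform(args):
    """Run nmap's ``http-security-headers`` script against ip:port and emit
    one ``msploitego.httpsecureheaders`` entity per script result.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip`` and ``port``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-security-headers", ip)

    for scriptrun in rep.hosts[0].services[0].scripts_results:
        # A result without output used to raise on .split(); treat it as empty.
        output = scriptrun.get("output") or ""
        # The whole output is the entity id and the Details field; the value
        # shown on the graph is only its first 25 characters.
        # (An earlier blank-line filter built a list it never used, and
        # removed items from that list while iterating it; it is gone.)
        secheader = mt.addEntity("msploitego.httpsecureheaders", output)
        secheader.setValue(output[:25])
        secheader.addAdditionalFields("details", "Details", False, output)

    mt.returnOutput()
    mt.addUIMessage("completed!")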
def dotransform(args):
    """Emit one ``maltego.IPv4Address`` entity per host in the Metasploit XML
    export named by the ``description`` field, copying the host attributes
    listed in ``wanted`` as additional fields.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    wanted = (
        "name", "address", "servicecount", "osname", "state", "mac",
        "vulncount", "purpose", "osflavor", "osfamily", "notecount",
    )
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("description")
    mdb = MetasploitXML(fn)
    for host in mdb.hosts:
        hostentity = mt.addEntity("maltego.IPv4Address", host.address)
        hostentity.setValue(host.address)
        # Remember which export the host came from so child transforms can
        # reopen it.
        hostentity.addAdditionalFields("fromfile", "Source File", False, fn)
        present = host.getTags()
        # Iterate ``wanted`` rather than ``present`` so field order is stable.
        for etag in wanted:
            if etag in present:
                hostentity.addAdditionalFields(etag, etag, False, host.getVal(etag))
    mt.returnOutput()
    mt.addUIMessage("completed!")
def dotransform(args):
    """Run nmap's ``banner`` script (with ``-sV``) against ip:port and dump
    the report with pprint; no entities are produced yet.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip`` and ``port``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    rep = scriptrunner(port, "banner", ip, args="-sV")
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        # NOTE(review): pprint writes to stdout; if returnOutput emits the
        # response there too, this debug dump precedes it — confirm.
        pprint(rep)
        # TODO: turn the "Path:" buckets of each script result into
        # msploitego.SourceCodeComment entities (comment, line number, path);
        # an earlier draft of that lived here.
    mt.returnOutput()
def dotransform(args):
    """Placeholder: report the transform as under construction and return an
    empty response.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    # TODO: the earlier draft (removed) matched MS-yy-nnn and CVE ids in the
    # vulnerability text and looked up matching Metasploit modules through
    # MsploitPostgres / "msfconsole -qx 'search ...'", emitting
    # msploitego.MetasploitModule entities with rank and details. When it is
    # revived, quote the ids before placing them on the msfconsole command
    # line: they come from scan data, not from the operator.
    mt.addUIMessage("This transform is under construction")
    mt.returnOutput()
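def dotransform(args):
    """Filter the share listing held in the ``data`` field down to
    informative lines and dump them with pprint; no entities are produced yet.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``data`` (multi-line tool output).
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    # Raw pattern: the previous non-raw "\[" relied on Python passing the
    # unknown escape through, which newer interpreters warn about.
    cleanse = re.compile(
        r"\[\+\]|denied|warning|failed|attempted|attempting|reconnecting", re.I)
    # An absent ``data`` field used to raise on .split(); treat it as empty.
    data = (mt.getVar("data") or "").split("\n")
    # Drop separator rows, blank lines and tool status/error chatter.
    res = [line for line in data
           if line and "---" not in line and not cleanse.search(line)]
    # NOTE(review): pprint writes to stdout; if returnOutput emits the
    # response there too, this debug dump precedes it — confirm.
    pprint(res)
    # TODO: map the remaining lines to entities; an earlier draft of a
    # user/group parser was kept here as commented-out code and is gone.
    mt.returnOutput()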
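def dotransform(args):
    """Emit a ``msploitego.WebFile`` entity for the input URL, using the
    ``body`` field as its content when present and fetching the page with
    wget otherwise.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip``, ``port``, ``body``; the entity value
    is the URL (``hostid`` is not used).
    """
    import shlex  # local: this fragment's module imports are not visible here

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    body = mt.getVar("body")
    url = mt.getValue()

    details = body or None
    if not details:
        # The URL is graph data (crawler output, not operator input), so it is
        # quoted before being placed on the command line; a benign URL is
        # left unchanged, one carrying shell syntax is passed literally.
        bashlog = bashrunner("wget -qO-  {}".format(shlex.quote(str(url))))
        if bashlog:
            details = "".join(bashlog)
    if details:
        webfile = mt.addEntity("msploitego.WebFile", url)
        webfile.setValue(url)
        webfile.addAdditionalFields("details", "Details", False, details)
        webfile.addAdditionalFields("url", "Site URL", False, url)
        webfile.addAdditionalFields("ip", "IP Address", False, ip)
        webfile.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()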
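def dotransform(args):
    """Run the nmap SMB scripts named by the module-level ``scripts`` value
    against ip:port and emit one ``msploitego.SambaVulnerability`` entity per
    script whose output carries no ``ERROR`` marker.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip``, ``port`` and ``hostid``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(sys.argv))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # ``scripts`` is not defined in this function; it must exist at module
    # level. unsafe=1 enables nmap scripts that may disrupt the target service.
    rep = scriptrunner(port, scripts, ip, scriptargs="unsafe=1")
    for scriptrun in rep.hosts[0].scripts_results:
        scriptid = scriptrun.get("id")
        # A result without output used to raise in the "in" test; treat as empty.
        output = scriptrun.get("output") or ""
        if not scriptid or "ERROR" in output:
            continue
        label = "{}:{}".format(scriptid, hostid)
        smbvuln = mt.addEntity("msploitego.SambaVulnerability", label)
        smbvuln.setValue(label)
        smbvuln.addAdditionalFields("description", "Description", False, output)
        smbvuln.addAdditionalFields("IP", "IP Address", False, ip)
        # The Port field used to receive ``ip``; it now carries the port.
        smbvuln.addAdditionalFields("Port", "Port", False, port)

    mt.returnOutput()
    mt.addUIMessage("completed!")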
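def dotransform(args):
    """Run ``snmp-check`` against the host and turn each ``[*]`` section of
    its report into graph entities (domain, hostname, users, routes, network
    services, processes, devices, software components, shares).

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip``, ``port`` and ``hostid``. Per-host
    items get ``:<hostid>`` appended to their entity value so the same name
    on two hosts yields two entities.
    """
    import shlex  # local: this fragment's module imports are not visible here

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")

    # ``ip`` is graph data rather than operator input: quote it so it cannot
    # add shell syntax to the command line (a plain address is unchanged).
    bashlog = bashrunner("snmp-check -w {}".format(shlex.quote(str(ip))))
    # Raw pattern: the previous non-raw "\[" relied on Python passing the
    # unknown escape through, which newer interpreters warn about.
    regex = re.compile(r"^\[\*\]")
    results = bucketparser(regex, bashlog, sep=" ")

    def with_hostid(value):
        """Entity value for per-host items: ``<value>:<hostid>``."""
        return "{}:{}".format(value, hostid)

    def new_entity(kind, value):
        """addEntity + setValue, the pair every branch below repeats."""
        entity = mt.addEntity(kind, value)
        entity.setValue(value)
        return entity

    def entries(res, skip):
        """Yield the bucket's (key, value) pairs whose key contains no word of ``skip``."""
        for key, val in res.items():
            if not any(word in key for word in skip):
                yield key, val

    for res in results:
        origheader = res.get("Header")
        if not origheader:
            continue  # untitled bucket: nothing to classify (used to raise on None)
        header = origheader.lower()
        if "write access permitted" in header:
            new_entity("msploitego.RelevantInformation", with_hostid(origheader))
        elif "system information" in header:
            if res.get("Domain"):
                domain = new_entity("maltego.Domain", res.get("Domain").lstrip(":"))
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hostname = new_entity("msploitego.Hostname", res.get("Hostname").lstrip(":"))
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user, _ in entries(res, ("Details", "Header")):
                alias = new_entity("maltego.Alias", user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            # First two octets of the scanned address select "nearby" routes.
            ipprefix = ".".join(ip.split(".")[0:2])
            for _, val in entries(res, ("Details", "Header", "Destination")):
                for ipr in val.split():
                    # Was re.search(ipprefix, ipr): unanchored, and the dots
                    # matched any character, so 10.10.0.5 matched prefix 10.0.
                    if ipr != ip and ipr.startswith(ipprefix + "."):
                        iprout = new_entity("msploitego.RoutingIP", ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True, ip)
        elif "network services" in header:
            for _, val in entries(res, ("Details", "Header", "Index")):
                nservice = new_entity("msploitego.NetworkService", with_hostid(val))
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for pid, val in entries(res, ("Details", "Header")):
                if "running" not in val.lower():
                    continue
                process = new_entity("msploitego.Process", with_hostid(val.split()[-1]))
                process.addAdditionalFields("ip", "IP Address", True, ip)
                process.addAdditionalFields("pid", "Process ID", True, pid)
        elif "device information" in header:
            for _, val in entries(res, ("Details", "Header", "Id")):
                if any(word in val for word in ("unknown", "running")):
                    # The first two whitespace-separated columns are skipped
                    # (presumably index and type — confirm against the report).
                    device = new_entity("maltego.Device",
                                        with_hostid(" ".join(val.split()[2:])))
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for _, val in entries(res, ("Details", "Index", "Header")):
                component = new_entity("msploitego.SotwareComponents", with_hostid(val))
                component.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            path = res.get("Path")
            if not path:
                continue  # a share bucket without a Path used to raise here
            networkshare = new_entity("msploitego.NetworkShare", path.lstrip(":"))
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True,
                                             (res.get("Name") or "").lstrip(":"))

    mt.returnOutput()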
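def dotransform(args):
    """Run ``snmp-check`` against the host and turn each ``[*]`` section of
    its report into graph entities (domain, hostname, users, routes, network
    services, processes, devices, software components, shares).

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip`` and ``port`` (``hostid`` is not used;
    entity values are the bare report items).
    """
    import shlex  # local: this fragment's module imports are not visible here

    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")

    # ``ip`` is graph data rather than operator input: quote it so it cannot
    # add shell syntax to the command line (a plain address is unchanged).
    bashlog = bashrunner("snmp-check -w {}".format(shlex.quote(str(ip))))
    # Raw pattern: the previous non-raw "\[" relied on Python passing the
    # unknown escape through, which newer interpreters warn about.
    regex = re.compile(r"^\[\*\]")
    results = bucketparser(regex, bashlog, sep=" ")

    # Bucket keys that are bookkeeping rather than report items.
    meta = ("Details", "Header")

    for res in results:
        origheader = res.get("Header")
        if not origheader:
            continue  # untitled bucket: nothing to classify (used to raise on None)
        header = origheader.lower()
        if "write access permitted" in header:
            phrase = mt.addEntity("maltego.Pharse", origheader)
            phrase.setValue(origheader)
        elif "system information" in header:
            if res.get("Domain"):
                dname = res.get("Domain").lstrip(":")
                domain = mt.addEntity("maltego.Domain", dname)
                domain.setValue(dname)
                domain.addAdditionalFields("ip", "IP Address", True, ip)
                domain.addAdditionalFields("port", "Port", True, port)
            if res.get("Hostname"):
                hname = res.get("Hostname").lstrip(":")
                hostname = mt.addEntity("msploitego.Hostname", hname)
                hostname.setValue(hname)
                hostname.addAdditionalFields("ip", "IP Address", True, ip)
                hostname.addAdditionalFields("port", "Port", True, port)
        elif "user accounts" in header:
            for user in res:
                if any(x in user for x in meta):
                    continue
                alias = mt.addEntity("maltego.Alias", user)
                alias.setValue(user)
                alias.addAdditionalFields("ip", "IP Address", True, ip)
        elif "routing information" in header:
            # First two octets of the scanned address select "nearby" routes.
            ipprefix = ".".join(ip.split(".")[0:2])
            for k, v in res.items():
                if any(x in k for x in meta + ("Destination",)):
                    continue
                for ipr in v.split():
                    # Was re.search(ipprefix, ipr): unanchored, and the dots
                    # matched any character, so 10.10.0.5 matched prefix 10.0.
                    if ipr != ip and ipr.startswith(ipprefix + "."):
                        iprout = mt.addEntity("msploitego.RoutingIP", ipr)
                        iprout.setValue(ipr)
                        iprout.addAdditionalFields("ip", "IP Address", True, ip)
        elif "network services" in header:
            for k, v in res.items():
                if any(x in k for x in meta + ("Index",)):
                    continue
                nservice = mt.addEntity("msploitego.NetworkService", v)
                nservice.setValue(v)
                nservice.addAdditionalFields("ip", "IP Address", True, ip)
        elif "processes" in header:
            for k, v in res.items():
                if any(x in k for x in meta):
                    continue
                if "running" in v.lower():
                    pname = v.split()[-1]
                    process = mt.addEntity("msploitego.Process", pname)
                    process.setValue(pname)
                    process.addAdditionalFields("ip", "IP Address", True, ip)
                    process.addAdditionalFields("pid", "Process ID", True, k)
        elif "device information" in header:
            for k, v in res.items():
                if any(x in k for x in meta + ("Id",)):
                    continue
                if any(x in v for x in ("unknown", "running")):
                    # The first two whitespace-separated columns are skipped
                    # (presumably index and type — confirm against the report).
                    desc = " ".join(v.split()[2:])
                    device = mt.addEntity("maltego.Device", desc)
                    device.setValue(desc)
                    device.addAdditionalFields("ip", "IP Address", True, ip)
        elif "software components" in header:
            for k, v in res.items():
                if any(x in k for x in meta + ("Index",)):
                    continue
                component = mt.addEntity("msploitego.SotwareComponents", v)
                component.setValue(v)
                component.addAdditionalFields("ip", "IP Address", True, ip)
        elif "share" in header:
            path = res.get("Path")
            if not path:
                continue  # a share bucket without a Path used to raise here
            path = path.lstrip(":")
            name = (res.get("Name") or "").lstrip(":")
            networkshare = mt.addEntity("msploitego.NetworkShare", path)
            networkshare.setValue(path)
            networkshare.addAdditionalFields("ip", "IP Address", True, ip)
            networkshare.addAdditionalFields("name", "Share Name", True, name)

    mt.returnOutput()
    mt.addUIMessage("completed!")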
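def dotransform(args):
    """Run nmap's ``ssh-auth-methods`` and ``ssh-hostkey`` scripts against
    ip:port and emit one ``msploitego.RelevantInformation`` entity per script
    result.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip``, ``port`` and ``hostid``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "ssh-auth-methods,ssh-hostkey", ip, scriptargs="ssh_hostkey=all")
    # An empty report used to raise IndexError on rep.hosts[0]; report it instead.
    host = rep.hosts[0] if rep and rep.hosts else None
    if host is None:
        mt.addUIMessage("host is either down or not responding in this port")
    elif host.status != "up":
        mt.addUIMessage("host is {}!".format(host.status))
    else:
        for scriptrun in host.services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            infoentity = mt.addEntity("msploitego.RelevantInformation", label)
            infoentity.setValue(label)
            infoentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            infoentity.addAdditionalFields("ip", "IP Address", False, ip)
            infoentity.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")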
def dotransform(args):
    """Emit one ``maltego.IPv4Address`` entity per host in the selected
    Metasploit workspace, copying every non-empty host column as a field.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``workspaceid``, ``db``, ``user``,
    ``password``; the entity value is the workspace name.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    workspace = mt.getValue()
    workspaceid = mt.getVar("workspaceid")
    db = mt.getVar("db")
    user = mt.getVar("user")
    # Backslashes are stripped from the password field before use
    # (presumably undoing escaping applied upstream — confirm).
    password = mt.getVar("password").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for host in mpost.getAllHosts(workspaceid):
        address = host.get("address")
        hostentity = mt.addEntity("maltego.IPv4Address", address)
        hostentity.setValue(address)
        for column, value in host.items():
            if isinstance(value, datetime):
                # Dates are rendered day/month/year, no time of day.
                stamp = "{}/{}/{}".format(value.day, value.month, value.year)
                hostentity.addAdditionalFields(column, column.capitalize(), False, stamp)
            elif value and str(value).strip():
                hostentity.addAdditionalFields(column, column.capitalize(), False, str(value))
        # Carry the input entity's fields (credentials included) down the graph.
        inheritvalues(hostentity, mt.values)
        hostentity.addAdditionalFields("workspace", "Workspace Name", False, workspace)
    mt.returnOutput()
from libnmap.process import NmapProcess

from common.MaltegoTransform import *
import sys

__author__ = 'Marc Gurreri'
__copyright__ = 'Copyright 2018, Oscp Project'
__credits__ = []

__license__ = 'GPL'
__version__ = '0.1'
__maintainer__ = 'Marc Gurreri'
__email__ = '*****@*****.**'
__status__ = 'Development'

# Script-style transform: the arguments are parsed at import time rather
# than inside a dotransform() entry point.
me = MaltegoTransform()
me.parseArguments(sys.argv)

# pprint(me)
# oport = toPort(me)
# Banner text carried on the input entity (None when the field is absent);
# ``ban`` is the cleaned-up form filled in by the branch that follows.
banner = me.getVar("oscp.banner")
ban = ""

if banner is not None:
    bl = banner.split()
    if "product" in bl[0]:
        ban = " ".join(bl[1:])
    else:
        ban = banner
else:
    def mycallback(nmaptask):
def dotransform(args):
    """Run the nmap SMTP scripts against ip:port and emit one
    ``msploitego.RelevantInformation`` entity per script result.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip``, ``port`` and ``hostid`` (falling back
    to ``id`` when ``hostid`` is empty).
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    # Some input entities carry the host id under "id" instead of "hostid".
    hostid = mt.getVar("hostid") or mt.getVar("id")
    scriptlist = "smtp-commands,smtp-enum-users,smtp-open-relay,smtp-vuln-cve2011-1764"
    rep = scriptrunner(port, scriptlist, ip)

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            infoentity = mt.addEntity("msploitego.RelevantInformation", label)
            infoentity.setValue(label)
            for field, display, value in (
                ("description", "Description", scriptrun.get("output")),
                ("ip", "IP Address", ip),
                ("port", "Port", port),
                ("hostid", "Host Id", hostid),
            ):
                infoentity.addAdditionalFields(field, display, False, value)
    mt.returnOutput()
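def dotransform(args):
    """Emit one ``maltego.Vulnerability`` entity per vulnerability recorded
    for the selected host in a Metasploit XML export.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``fromfile`` (the XML export), ``address``
    (the host to expand) and ``vulncount`` (nothing is emitted when it is 0).
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    host = MetasploitXML(fn).gethost(ip)

    # A missing or blank vulncount used to raise in int(); treat it as 0.
    if int(mt.getVar("vulncount") or 0) > 0:
        for vuln in host.vulns:
            _add_vuln_entity(mt, host, vuln)

    mt.returnOutput()
    mt.addUIMessage("completed!")


def _add_vuln_entity(mt, host, vuln):
    """Create one ``maltego.Vulnerability`` entity for ``vuln`` on ``host``.

    Args:
        mt: the transform being populated.
        host: the host object from the Metasploit export (address, id, osname).
        vuln: one of ``host.vulns``; iterates as (tag, value) pairs.
    """
    vulnent = mt.addEntity("maltego.Vulnerability", vuln.name)
    vulnent.setValue("{}/{}".format(vuln.name, host.address))
    vulnent.addAdditionalFields("refs", "References", False, ",".join(x.ref for x in vuln.refs))
    vulnent.addAdditionalFields("ipaddress", "IP Address", False, host.address)
    vulnent.addAdditionalFields("hostid", "Host ID", False, host.id)
    vulnent.addAdditionalFields("os", "OS Name", False, host.osname)
    # Only string-valued attributes are copied across as extra fields.
    for tag, val in vuln:
        if isinstance(val, str):
            vulnent.addAdditionalFields(tag, tag.capitalize(), False, val)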
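def dotransform(args):
    """Mark a Metasploit module as checked against the host: emits one
    ``msploitego.Checked`` entity valued ``<module>:<ip>``.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.

    Maltego input fields read: ``ip``; the entity value is the module name.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    module = mt.getValue()

    # NOTE(review): an earlier version also passed ``port`` as a third format
    # argument, which str.format silently discards, so the value has always
    # been "<module>:<ip>". Extend the template to "{}:{}:{}" if the port is
    # meant to be part of it.
    label = "{}:{}".format(module, ip)
    falsepos = mt.addEntity("msploitego.Checked", label)
    falsepos.setValue(label)
    falsepos.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()
    mt.addUIMessage("completed!")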
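def dotransform(args):
    """Build a ``msploitego.SambaServer`` entity from nmap's SMB scripts.

    Runs ``smb-os-discovery``, ``smb-security-mode``, ``smb-server-stats``
    and ``smb-system-info`` against ``ip:port`` and flattens every
    non-blank structured element the scripts return into one dict. The
    entity is valued ``<server>:<workgroup>`` (each truncated at the first
    backslash) and carries ip, port, host id, protocol, the selected
    service name, the ``os`` and ``fqdn`` elements, and every remaining
    element as a field. When the host is not reported ``up`` only a UI
    message is emitted.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    proto = mt.getVar("proto")
    service = mt.getValue()
    rep = scriptrunner(port, "smb-os-discovery,smb-security-mode,smb-server-stats,smb-system-info", ip)
    target = rep.hosts[0]
    if target.status == "up":
        # Merge every script's "elements" map, skipping blank values. A script
        # result without elements yields None, so fall back to an empty map.
        d = {}
        for res in target.scripts_results:
            for k, v in (res.get("elements") or {}).items():
                if v and v.strip():
                    d[k] = v
        # A host that does not answer smb-os-discovery has neither key; the
        # original then failed on None.split(), so default to an empty string.
        server = d.get("server", "").split("\\")[0]
        workgroup = d.get("workgroup", "").split("\\")[0]
        value = "{}:{}".format(server, workgroup)
        sambaentity = mt.addEntity("msploitego.SambaServer", value)
        sambaentity.setValue(value)
        sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
        sambaentity.addAdditionalFields("port", "Port", False, port)
        sambaentity.addAdditionalFields("server", "Server", False, server)
        sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
        sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
        sambaentity.addAdditionalFields("info", "Info", False, d.get("os"))
        sambaentity.addAdditionalFields("name", "Name", False, d.get("fqdn"))
        sambaentity.addAdditionalFields("banner.text", "Service Banner", False, d.get("os"))
        sambaentity.addAdditionalFields("service.name", "Description", False, service)
        sambaentity.addAdditionalFields("properties.service", "Service", False, service)
        sambaentity.addAdditionalFields("proto", "Protocol", False, proto)
        for k, v in d.items():
            # Substring match, as in the original: any key containing one of
            # these words was already emitted above and is skipped here.
            if "server" in k or "workgroup" in k:
                continue
            sambaentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(target.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")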
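def dotransform(args):
    """Emit one ``maltego.Service`` entity per Windows service found by nmap.

    Runs the ``smb-enum-services`` script against ``ip:port`` and splits
    its text output into buckets, one per line that starts with two spaces
    followed by a service short name. Each bucket becomes an entity valued
    ``<short name>:<hostid>`` carrying the display name, ip and port. When
    the host is not reported ``up`` only a UI message is emitted.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-services", ip)
    target = rep.hosts[0]

    # Compiled once instead of per result, and as a raw string so "\s" is a
    # regex class rather than an (invalid) string escape.
    heading = re.compile(r"^\s\s[a-zA-Z0-9_.-]+")
    if target.status == "up":
        for res in target.services[0].scripts_results:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(heading, output):
                value = "{}:{}".format(item.get("Header"), hostid)
                serviceent = mt.addEntity("maltego.Service", value)
                serviceent.setValue(value)
                serviceent.addAdditionalFields("displayname", "Service Name", False, item.get("Display_name"))
                serviceent.addAdditionalFields("ip", "IP Address", False, ip)
                serviceent.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(target.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")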
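def dotransform(args):
    """Emit one ``msploitego.RelevantInformation`` entity per msrpc-enum result.

    Runs nmap's ``msrpc-enum`` script against ``ip:port``; each script
    result becomes an entity valued ``<script id>:<hostid>`` whose
    description is the raw script output, with ip, port and host id
    attached. ``hostid`` falls back to the ``id`` variable when unset.
    When the host is not reported ``up`` only a UI message is emitted.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # Left disabled, as in the sibling transforms: pprint() returns None (so
    # nothing useful reaches mt.debug) and writes the arguments to stdout,
    # the same stream the transform's XML reply is written to.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid") or mt.getVar("id")
    rep = scriptrunner(port, "msrpc-enum", ip)
    target = rep.hosts[0]

    if target.status == "up":
        for scriptrun in target.services[0].scripts_results:
            value = "{}:{}".format(scriptrun.get("id"), hostid)
            popent = mt.addEntity("msploitego.RelevantInformation", value)
            popent.setValue(value)
            popent.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            popent.addAdditionalFields("ip", "IP Address", False, ip)
            popent.addAdditionalFields("port", "Port", False, port)
            popent.addAdditionalFields("hostid", "Host Id", False, hostid)
    else:
        mt.addUIMessage("host is {}!".format(target.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")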
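def dotransform(args):
    """Emit one ``maltego.WebDir`` entity per path listed in robots.txt.

    Runs nmap's ``http-robots.txt`` script against ``ip:port`` and turns
    every whitespace-separated token on an output line that begins with
    ``/`` into a WebDir entity carrying the ip and port. When the host is
    not reported ``up`` only a UI message is emitted.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-robots.txt", ip)
    target = rep.hosts[0]

    if target.status == "up":
        for scriptrun in target.services[0].scripts_results:
            output = scriptrun.get("output") or ""
            for line in output.split("\n"):
                stripped = line.strip()
                # startswith() rather than [0]: a blank line (the trailing ""
                # that split() produces) made the original raise IndexError.
                if not stripped.startswith("/"):
                    continue
                for d in stripped.split():
                    webdirentity = mt.addEntity("maltego.WebDir", d)
                    webdirentity.setValue(d)
                    webdirentity.addAdditionalFields("ip", "IP Address", False, ip)
                    webdirentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(target.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")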
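def dotransform(args):
    """Placeholder transform for a discovered web directory.

    Parses the arguments, reads ``ip``, ``port``, ``hostid`` and the
    selected directory, then returns an empty result set: the URL-entity
    construction below is kept as a disabled sketch and is not executed.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # Left disabled, as in the sibling transforms: pprint() returns None and
    # writes the arguments to stdout, the same stream the XML reply uses.
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    diry = mt.getValue()

    # Intended output, not yet enabled:
    # url = "http://{}:{}{}".format(ip, port, diry)
    # website = mt.addEntity("maltego.URL", url)
    # website.setValue(url)
    # website.addAdditionalFields("dir", "Directory", False, diry)
    # website.addAdditionalFields("url", "URL", False, url)
    # website.addAdditionalFields("ip", "IP Address", False, ip)
    # website.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")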
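# Service names treated as HTTP(S) for entity typing and the Nikto field.
_MSF_HTTP_SERVICE_NAMES = (
    "http", "https", "possible_wls", "www", "ncacn_http",
    "ccproxy-http", "ssl/http", "http-proxy",
)

# Service-name rules, evaluated in order; the first match wins, so order is
# significant (e.g. "pop" is tested before "imap"). Modes:
#   "sub"  - any needle is a substring of the name as given (case-sensitive)
#   "isub" - any needle is a substring of the lower-cased name
#   "eq"   - the name as given equals one of the needles
#   "ieq"  - the lower-cased name equals one of the needles
#   "iall" - every needle is a substring of the lower-cased name
# The mix of case-sensitive and case-insensitive rules reproduces the
# original if/elif chain exactly.
_MSF_SERVICE_RULES = (
    ("sub", ("samba", "netbios-ssn", "smb", "microsoft-ds", "netbios-ns", "netbios-dgm"), "msploitego.SambaService"),
    ("eq", ("ssh",), "msploitego.SSHService"),
    ("eq", ("dns", "mdns", "domain"), "msploitego.DNSService"),
    ("sub", ("rpc",), "msploitego.RPC"),
    ("sub", ("epmap",), "msploitego.epmap"),
    ("sub", ("cifs",), "msploitego.cifs"),
    ("sub", ("ssdp",), "msploitego.ssdp"),
    ("sub", ("irc",), "msploitego.irc"),
    ("sub", ("pop",), "msploitego.pop3"),
    ("sub", ("oracle",), "msploitego.Oracle"),
    ("sub", ("ftp",), "msploitego.ftp"),
    ("sub", ("finger",), "msploitego.finger"),
    ("sub", ("imap",), "msploitego.imap"),
    ("isub", ("winrm",), "msploitego.winrm"),
    ("isub", ("nmap",), "msploitego.Nmap"),
    ("isub", ("ldap",), "msploitego.LDAP"),
    ("isub", ("compressnet",), "msploitego.compressnet"),
    ("isub", ("ansys",), "msploitego.ansys"),
    ("isub", ("boinc",), "msploitego.boinc"),
    ("isub", ("bakbone",), "msploitego.bakbonenetvault"),
    ("isub", ("cisco",), "msploitego.CISCO"),
    ("sub", ("ntp",), "msploitego.ntp"),
    ("sub", ("dhcp",), "msploitego.DHCP"),
    ("isub", ("dbase",), "msploitego.dBase"),
    ("isub", ("chargen",), "msploitego.chargen"),
    ("sub", ("directplaysrvr",), "msploitego.directplaysrvr"),
    ("isub", ("smtp",), "msploitego.smtp"),
    ("isub", ("ident",), "msploitego.ident"),
    ("isub", ("snmp", "smux"), "msploitego.SNMP"),
    ("sub", ("tcpwrapped",), "msploitego.tcpwrapped"),
    ("sub", ("mysql",), "msploitego.mysql"),
    ("isub", ("mssql", "ms-sql", "dbm"), "msploitego.mssql"),
    ("sub", ("nat-pmp", "upnp", "natpmp"), "msploitego.natpmp"),
    ("isub", ("confluent", "kafka"), "msploitego.ApacheKafka"),
    ("sub", ("ndmp",), "msploitego.NAS"),
    ("isub", ("neod", "corba"), "msploitego.ObjectRequestBroker"),
    ("sub", ("ajp",), "msploitego.ajp"),
    ("isub", ("llmnr",), "msploitego.llmnr"),
    ("isub", ("keysrvr", "keyshadow"), "msploitego.KeyServer"),
    ("ieq", ("kerberos", "kpasswd5", "kerberos-sec", "krb524"), "msploitego.kerberos"),
    ("isub", ("msexchange-logcopier",), "msploitego.MSExchangeLogCopier"),
    ("isub", ("nfs", "lockd", "amiganetfs"), "msploitego.nfsacl"),
    ("isub", ("x11",), "msploitego.X11"),
    ("ieq", ("sip",), "msploitego.SIP"),
    ("isub", ("fmtp",), "msploitego.fmtp"),
    ("isub", ("telnet",), "msploitego.telnet"),
    ("isub", ("rdp", "xdmcp"), "msploitego.rdp"),
    ("isub", ("ipp",), "msploitego.ipp"),
    ("isub", ("vnc",), "msploitego.vnc"),
    ("isub", ("wap-wsp",), "msploitego.wapwsp"),
    ("isub", ("blackjack",), "msploitego.blackjack"),
    ("isub", ("backorifice", "bo2k"), "msploitego.backorifice"),
    ("isub", ("rtsp",), "msploitego.rtsp"),
    ("isub", ("bacnet",), "msploitego.Bacnet"),
    ("isub", ("msdtc",), "msploitego.msdtc"),
    ("isub", ("wfremotertm",), "msploitego.wfremotertm"),
    ("isub", ("msdp",), "msploitego.msdp"),
    ("isub", ("ssl",), "msploitego.ssl"),
    ("iall", ("afs", "fileserver"), "msploitego.AFS"),
    ("isub", ("adobeserver",), "msploitego.AdobeserverService"),
    ("isub", ("ms-wbt-server",), "msploitego.MicrosoftTerminalServices"),
    ("ieq", ("rmiregistry", "java-rmi"), "msploitego.JavaRMI"),
)


def _msf_rule_matches(mode, needles, servicename):
    """Return True when one service-name rule applies (see _MSF_SERVICE_RULES)."""
    low = servicename.lower()
    if mode == "sub":
        return any(x in servicename for x in needles)
    if mode == "isub":
        return any(x in low for x in needles)
    if mode == "eq":
        return servicename in needles
    if mode == "ieq":
        return low in needles
    if mode == "iall":
        return all(x in low for x in needles)
    raise ValueError("unknown rule mode: {!r}".format(mode))


def _msf_first_match(text, table, default):
    """Return the entity name of the first (needle, name) pair whose needle is in text."""
    for needle, name in table:
        if needle in text:
            return name
    return default


def _msf_web_entity_name(info):
    """Pick the msploitego web-server entity type from an HTTP service banner."""
    low = info.lower()
    if "iis" in low:
        return "msploitego.IISWebservice"
    if "rpc over http" in low:
        return "msploitego.RPCoverhttp"
    if "oracle xml db" in low:
        return "msploitego.OracleXMLDB"
    if "apache" in low:
        if "apache tomcat" in low:
            return "msploitego.ApacheTomcat"
        # "apache" is already known to be present, so only "php" is left to test.
        if "php" in low:
            return "msploitego.ApachePHP"
        return "msploitego.Apachehttpd"
    if "httpfileserver" in low:
        return "msploitego.HTTPFileServer"
    if "lighttpd" in low:
        return "msploitego.lighttpd"
    if "nginx" in low:
        return "msploitego.nginx"
    if "jetty" in low:
        return "msploitego.Jetty"
    if "node.js" in low:
        return "msploitego.Nodejs"
    if "httpapi" in low:
        return "msploitego.MicrosoftHTTPAPI"
    # Case-sensitive on purpose, as in the original chain.
    if "WAF" in info:
        return "msploitego.WAF"
    if "oracle http server" in low:
        return "msploitego.OracleHTTPServer"
    # (The original repeated the "oracle xml db" test here; it was unreachable.)
    if "goahead" in low:
        return "msploitego.GoAheadWebServer"
    return "msploitego.WebService"


def _msf_service_entity_name(servicename, serviceinfo, port):
    """Pick the entity type for an open service from its name, banner and port."""
    if servicename in _MSF_HTTP_SERVICE_NAMES:
        if serviceinfo:
            return _msf_web_entity_name(serviceinfo)
        return "msploitego.WebService"
    if port == "32768":
        return "msploitego.PotentialBackdoor"
    for mode, needles, name in _MSF_SERVICE_RULES:
        if _msf_rule_matches(mode, needles, servicename):
            return name
    return "msploitego.MetasploitService"


def _msf_os_entity(osname, osfamily):
    """Map a host's OS name/family to ``(entity type, description)``.

    Returns None when neither value is set. As in the original, the name
    is consulted whenever present, but the table used depends on whether a
    family was also recorded (the name-only table is shorter); with a
    family and no name, the family is matched instead. The description is
    whichever value was matched against.
    """
    default = "msploitego.OperatingSystem"
    if osfamily:
        if osname:
            table = (
                ("windows 2003", "msploitego.Windows2003"),
                ("windows 2008", "msploitego.Windows2008"),
                ("windows 2012", "msploitego.Windows2012"),
                ("windows 2000", "msploitego.Windows2000"),
                ("windows xp", "msploitego.WindowsXP"),
                ("windows 7", "msploitego.Windows7"),
                ("freebsd", "msploitego.FreeBSD"),
                ("solaris", "msploitego.Solaris"),
                ("linux", "msploitego.LinuxOperatingSystem"),
                ("embedded", "msploitego.EmbeddedOS"),
            )
            return _msf_first_match(osname.lower(), table, default), osname
        table = (
            ("windows", "msploitego.WindowsOperatingSystem"),
            ("freebsd", "msploitego.FreeBSD"),
            ("linux", "msploitego.LinuxOperatingSystem"),
        )
        return _msf_first_match(osfamily.lower(), table, default), osfamily
    if osname:
        table = (
            ("embedded", "msploitego.EmbeddedOS"),
            ("linux", "msploitego.LinuxOperatingSystem"),
        )
        return _msf_first_match(osname.lower(), table, default), osname
    return None


def dotransform(args):
    """Emit one typed service entity per service of a host in a Metasploit XML export.

    Reads the export named by ``fromfile``, looks up the host at
    ``address`` and, when ``servicecount`` is positive, adds an entity per
    service. Filtered/closed ports become ``msploitego.ClosedPort``; open
    ones are typed by name, banner and port (see
    ``_msf_service_entity_name``). Each entity is valued
    ``<name>/<port>:<hostid>`` and carries ip, source file, service name,
    banner (or ``<name>-No info``), an empty Nikto-file slot for HTTP
    services, and the ``entitytags`` the record defines. SMB banners that
    mention a workgroup also yield a ``maltego.Domain``; when the host has
    a MAC, a hostname starting with a letter, or OS name/family, the
    matching MAC, hostname and OS entities are emitted as well (once per
    service, as in the original).

    Fixes relative to the original: ``setValue`` is now called instead of
    being overwritten by assignment, and the hostname check uses
    ``[A-Za-z]`` where ``[a-zA-z]`` also admitted ``[ \\ ] ^ _ `` ``.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.
    """
    entitytags = ["hostid", "info", "name", "port", "proto", "state"]
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    mac = mt.getVar("mac")
    osname = mt.getVar("osname")
    osfamily = mt.getVar("osfamily")
    machinename = mt.getVar("name")
    # A missing/empty "servicecount" used to raise inside int().
    servicecount = int(mt.getVar("servicecount") or 0)
    mdb = MetasploitXML(fn)
    if servicecount > 0:
        host = mdb.gethost(ip)
        for service in host.services:
            # Records lacking these attributes are tolerated, as before.
            servicename = getattr(service, "name", "NoName")
            serviceinfo = getattr(service, "info", None)
            if service.state.lower() in ["filtered", "closed"]:
                entityname = "msploitego.ClosedPort"
            else:
                entityname = _msf_service_entity_name(servicename, serviceinfo, service.port)

            value = "{}/{}:{}".format(servicename, service.port, service.hostid)
            hostservice = mt.addEntity(entityname, value)
            hostservice.setValue(value)
            hostservice.addAdditionalFields("ip", "IP Address", True, ip)
            if servicename and servicename.lower() in _MSF_HTTP_SERVICE_NAMES:
                hostservice.addAdditionalFields("niktofile", "Nikto File", True, '')
            hostservice.addAdditionalFields("fromfile", "Source File", True, fn)
            hostservice.addAdditionalFields("service.name", "Service Name", True, servicename)
            if service.containsTag("info"):
                hostservice.addAdditionalFields("banner", "Banner", True, service.info)
                if servicename in ["samba", "netbios-ssn", "smb", "microsoft-ds"]:
                    infolow = service.info.lower()
                    if "workgroup" in infolow:
                        # Everything after the first "workgroup:" of the
                        # lower-cased banner is taken as the domain name.
                        groupname = infolow.split("workgroup:", 1)[-1].lstrip()
                        workgroup = mt.addEntity("maltego.Domain", groupname)
                        workgroup.setValue(groupname)
                        workgroup.addAdditionalFields("ip", "IP Address", True, ip)
            else:
                hostservice.addAdditionalFields("banner", "Banner", True, "{}-No info".format(servicename))
            for etag in entitytags:
                if etag in service.getTags():
                    hostservice.addAdditionalFields(etag, etag, True, service.getVal(etag))
            if mac:
                macentity = mt.addEntity("maltego.MacAddress", mac)
                macentity.setValue(mac)
                macentity.addAdditionalFields("ip", "IP Address", True, ip)
            if machinename and re.match(r"^[A-Za-z]+", machinename):
                hostentity = mt.addEntity("msploitego.Hostname", machinename)
                hostentity.setValue(machinename)
                hostentity.addAdditionalFields("ip", "IP Address", True, ip)
            # OS determination
            osinfo = _msf_os_entity(osname, osfamily)
            if osinfo:
                osentityname, osdescription = osinfo
                osentity = mt.addEntity(osentityname, osdescription)
                osentity.setValue(osdescription)
                osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")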
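def dotransform(args):
    """Emit one entity per SMB share reported by nmap's ``smb-enum-shares``.

    Runs the script against ``ip`` on ``port`` (with ``-sU -sS``) and
    splits its output into buckets whose header line contains a dotted
    IPv4-looking string. Buckets whose ``Warning`` mentions "denied"
    become ``msploitego.AccessDenied`` entities, the rest
    ``msploitego.SambaShare``; each carries the share name (text after the
    last backslash, minus a trailing colon), the raw header, ip, port, the
    machine name when known, and every other bucket field. Buckets with no
    header are skipped (the original failed on ``None.split``).

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    machinename = mt.getVar("machinename")
    rep = scriptrunner(port, "smb-enum-shares", ip, args="-sU -sS")

    # Compiled once (the original recompiled per result) and as a raw string
    # so the backslash escapes reach the regex engine intact.
    ipv4_like = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
    if rep:
        for res in rep.hosts[0].scripts_results:
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(ipv4_like, output, method="search"):
                header = item.get("Header")
                if not header:
                    continue
                warning = item.get("Warning")
                if warning and re.search("denied", warning, re.I):
                    entityname = "msploitego.AccessDenied"
                else:
                    entityname = "msploitego.SambaShare"
                shareentity = mt.addEntity(entityname, header)
                shareentity.setValue(header)
                sharename = header.split("\\")[-1].strip().strip(":")
                shareentity.addAdditionalFields("sharename", "Share Name", False, sharename)
                shareentity.addAdditionalFields("sambashare", "Samba Share", False, header)
                shareentity.addAdditionalFields("ip", "IP Address", False, ip)
                shareentity.addAdditionalFields("port", "Port", False, port)
                if machinename:
                    shareentity.addAdditionalFields("machinename", "Machine Name", False, machinename)
                for k, v in item.items():
                    if k == "Header":
                        continue
                    shareentity.addAdditionalFields(k.lower(), k, False, v)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()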
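def dotransform(args):
    """Emit one ``msploitego.RDPVulnerability`` entity per rdp-vuln-ms12-020 finding.

    Runs nmap's ``rdp-vuln-ms12-020`` script against ``ip:port`` and splits
    the output into buckets headed by a two-space-indented word. The
    "VULNERABLE" summary bucket is skipped; every other bucket becomes an
    entity valued by its header, carrying ip, port, the joined ``Details``
    lines and each remaining non-blank field. When the host is not
    reported ``up`` only a UI message is emitted.

    Args:
        args: raw transform arguments, handed to ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # mt.debug(pprint(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)
    target = rep.hosts[0]

    # Compiled once instead of per result, and as a raw string so "\s" is a
    # regex class rather than an (invalid) string escape.
    heading = re.compile(r"\s{2}[A-Za-z]+")
    if target.status == "up":
        for scriptrun in target.services[0].scripts_results:
            output = (scriptrun.get("output") or "").split("\n")
            # Distinct loop variable: the original reused "res" for both loops.
            for finding in bucketparser(heading, output):
                header = finding.get("Header")
                if header == "VULNERABLE":
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in finding.items():
                    if k == "Details":
                        # Joined as in the original; the value is expected to
                        # be the list of detail lines the bucket parser collected.
                        vulnentity.addAdditionalFields("details", k, False, "\n".join(v))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(target.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")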
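# Service-table tags copied verbatim onto every service entity.
_ENTITY_TAGS = ["hostid", "info", "name", "port", "proto", "state"]

# Service names treated as web servers (case-sensitive match, as before).
_HTTP_SERVICE_NAMES = [
    "http", "https", "possible_wls", "www", "ncacn_http",
    "ccproxy-http", "ssl/http", "http-proxy",
]

# Service names whose banner may carry a "workgroup:" hint.
_SMB_SERVICE_NAMES = ["samba", "netbios-ssn", "smb", "microsoft-ds"]

# (mode, needles, entity type), evaluated in order; the first hit wins, so the
# order is significant (e.g. "rpc" before "epmap", "pop" before "oracle").
#   "sub"  : any needle is a substring of the raw service name (case-sensitive)
#   "isub" : any needle is a substring of the lower-cased service name
#   "eq"   : raw service name equals one of the needles
#   "ieq"  : lower-cased service name equals one of the needles
#   "iall" : every needle is a substring of the lower-cased service name
# The case-sensitive entries are kept exactly as the original chain had them.
_SERVICE_ENTITIES = (
    ("sub", ("samba", "netbios-ssn", "smb", "microsoft-ds", "netbios-ns",
             "netbios-dgm"), "msploitego.SambaService"),
    ("eq", ("ssh",), "msploitego.SSHService"),
    ("eq", ("dns", "mdns", "domain"), "msploitego.DNSService"),
    ("sub", ("rpc",), "msploitego.RPC"),
    ("sub", ("epmap",), "msploitego.epmap"),
    ("sub", ("cifs",), "msploitego.cifs"),
    ("sub", ("ssdp",), "msploitego.ssdp"),
    ("sub", ("irc",), "msploitego.irc"),
    ("sub", ("pop",), "msploitego.pop3"),
    ("sub", ("oracle",), "msploitego.Oracle"),
    ("sub", ("ftp",), "msploitego.ftp"),
    ("sub", ("finger",), "msploitego.finger"),
    ("sub", ("imap",), "msploitego.imap"),
    ("isub", ("winrm",), "msploitego.winrm"),
    ("isub", ("nmap",), "msploitego.Nmap"),
    ("isub", ("ldap",), "msploitego.LDAP"),
    ("isub", ("compressnet",), "msploitego.compressnet"),
    ("isub", ("ansys",), "msploitego.ansys"),
    ("isub", ("boinc",), "msploitego.boinc"),
    ("isub", ("bakbone",), "msploitego.bakbonenetvault"),
    ("isub", ("cisco",), "msploitego.CISCO"),
    ("sub", ("ntp",), "msploitego.ntp"),
    ("sub", ("dhcp",), "msploitego.DHCP"),
    ("isub", ("dbase",), "msploitego.dBase"),
    ("isub", ("chargen",), "msploitego.chargen"),
    ("sub", ("directplaysrvr",), "msploitego.directplaysrvr"),
    ("isub", ("smtp",), "msploitego.smtp"),
    ("isub", ("ident",), "msploitego.ident"),
    ("isub", ("snmp", "smux"), "msploitego.SNMP"),
    ("sub", ("tcpwrapped",), "msploitego.tcpwrapped"),
    ("sub", ("mysql",), "msploitego.mysql"),
    ("isub", ("mssql", "ms-sql", "dbm"), "msploitego.mssql"),
    ("sub", ("nat-pmp", "upnp", "natpmp"), "msploitego.natpmp"),
    ("isub", ("confluent", "kafka"), "msploitego.ApacheKafka"),
    ("sub", ("ndmp",), "msploitego.NAS"),
    ("isub", ("neod", "corba"), "msploitego.ObjectRequestBroker"),
    ("sub", ("ajp",), "msploitego.ajp"),
    ("isub", ("llmnr",), "msploitego.llmnr"),
    ("isub", ("keysrvr", "keyshadow"), "msploitego.KeyServer"),
    ("ieq", ("kerberos", "kpasswd5", "kerberos-sec", "krb524"),
     "msploitego.kerberos"),
    ("isub", ("msexchange-logcopier",), "msploitego.MSExchangeLogCopier"),
    ("isub", ("nfs", "lockd", "amiganetfs"), "msploitego.nfsacl"),
    ("isub", ("x11",), "msploitego.X11"),
    ("ieq", ("sip",), "msploitego.SIP"),
    ("isub", ("fmtp",), "msploitego.fmtp"),
    ("isub", ("telnet",), "msploitego.telnet"),
    ("isub", ("rdp", "xdmcp"), "msploitego.rdp"),
    ("isub", ("ipp",), "msploitego.ipp"),
    ("isub", ("vnc",), "msploitego.vnc"),
    ("isub", ("wap-wsp",), "msploitego.wapwsp"),
    ("isub", ("blackjack",), "msploitego.blackjack"),
    ("isub", ("backorifice", "bo2k"), "msploitego.backorifice"),
    ("isub", ("rtsp",), "msploitego.rtsp"),
    ("isub", ("bacnet",), "msploitego.Bacnet"),
    ("isub", ("msdtc",), "msploitego.msdtc"),
    ("isub", ("wfremotertm",), "msploitego.wfremotertm"),
    ("isub", ("msdp",), "msploitego.msdp"),
    ("isub", ("ssl",), "msploitego.ssl"),
    ("iall", ("afs", "fileserver"), "msploitego.AFS"),
    ("isub", ("adobeserver",), "msploitego.AdobeserverService"),
    ("isub", ("ms-wbt-server",), "msploitego.MicrosoftTerminalServices"),
    ("ieq", ("rmiregistry", "java-rmi"), "msploitego.JavaRMI"),
)

# (needle in osname.lower(), entity type); first match wins, so the specific
# Windows releases come before the generic families.
_OSNAME_ENTITIES = (
    ("windows 2003", "msploitego.Windows2003"),
    ("windows 2008", "msploitego.Windows2008"),
    ("windows 2012", "msploitego.Windows2012"),
    ("windows 2000", "msploitego.Windows2000"),
    ("windows xp", "msploitego.WindowsXP"),
    ("windows 7", "msploitego.Windows7"),
    ("freebsd", "msploitego.FreeBSD"),
    ("solaris", "msploitego.Solaris"),
    ("linux", "msploitego.LinuxOperatingSystem"),
    ("embedded", "msploitego.EmbeddedOS"),
)


def _web_entity_name(info):
    """Pick the web-server entity type from an HTTP service banner.

    Args:
        info: the service ``info`` string, or ``None``/empty when unknown.

    Returns:
        The most specific ``msploitego.*`` entity type, ``msploitego.WebService``
        when the banner is absent or matches nothing.
    """
    if not info:
        return "msploitego.WebService"
    info_l = info.lower()
    if "iis" in info_l:
        return "msploitego.IISWebservice"
    if "rpc over http" in info_l:
        return "msploitego.RPCoverhttp"
    if "oracle xml db" in info_l:
        return "msploitego.OracleXMLDB"
    if "apache" in info_l:
        if "apache tomcat" in info_l:
            return "msploitego.ApacheTomcat"
        if "php" in info_l:
            return "msploitego.ApachePHP"
        return "msploitego.Apachehttpd"
    if "httpfileserver" in info_l:
        return "msploitego.HTTPFileServer"
    if "lighttpd" in info_l:
        return "msploitego.lighttpd"
    if "nginx" in info_l:
        return "msploitego.nginx"
    if "jetty" in info_l:
        return "msploitego.Jetty"
    if "node.js" in info_l:
        return "msploitego.Nodejs"
    if "httpapi" in info_l:
        return "msploitego.MicrosoftHTTPAPI"
    if "WAF" in info:  # deliberately case-sensitive, as in the original chain
        return "msploitego.WAF"
    if "oracle http server" in info_l:
        return "msploitego.OracleHTTPServer"
    # A second "oracle xml db" branch used to sit here; it was unreachable.
    if "goahead" in info_l:
        return "msploitego.GoAheadWebServer"
    return "msploitego.WebService"


def _service_entity_name(servicename, serviceinfo, port, state):
    """Choose the Maltego entity type for one Metasploit service record.

    Args:
        servicename: service name ("NoName" when the record has none).
        serviceinfo: banner/info string or ``None``.
        port: port as the XML gives it (compared as the string "32768").
        state: port state; "filtered"/"closed" yield a ClosedPort entity.

    Returns:
        A ``msploitego.*`` entity type; ``msploitego.MetasploitService`` when
        nothing more specific matches.
    """
    if state.lower() in ["filtered", "closed"]:
        return "msploitego.ClosedPort"
    if servicename in _HTTP_SERVICE_NAMES:
        return _web_entity_name(serviceinfo)
    if port == "32768":
        return "msploitego.PotentialBackdoor"
    name_l = servicename.lower()
    for mode, needles, entity in _SERVICE_ENTITIES:
        if mode == "sub":
            hit = any(x in servicename for x in needles)
        elif mode == "isub":
            hit = any(x in name_l for x in needles)
        elif mode == "eq":
            hit = servicename in needles
        elif mode == "ieq":
            hit = name_l in needles
        else:  # "iall"
            hit = all(x in name_l for x in needles)
        if hit:
            return entity
    return "msploitego.MetasploitService"


def _os_entity(osname, osfamily):
    """Return ``(entity type, description)`` for the host OS, or ``None``.

    With both values present the name decides the type and is the description;
    with only the family a coarser family type is used; with only the name just
    the embedded/linux distinction is made. This mirrors the original decision
    tree exactly.
    """
    if not osname and not osfamily:
        return None
    entity = "msploitego.OperatingSystem"
    if osfamily and osname:
        name_l = osname.lower()
        for needle, candidate in _OSNAME_ENTITIES:
            if needle in name_l:
                entity = candidate
                break
        return entity, osname
    if osfamily:
        fam_l = osfamily.lower()
        if "windows" in fam_l:
            entity = "msploitego.WindowsOperatingSystem"
        elif "freebsd" in fam_l:
            entity = "msploitego.FreeBSD"
        elif "linux" in fam_l:
            entity = "msploitego.LinuxOperatingSystem"
        return entity, osfamily
    name_l = osname.lower()
    if "embedded" in name_l:
        entity = "msploitego.EmbeddedOS"
    elif "linux" in name_l:
        entity = "msploitego.LinuxOperatingSystem"
    return entity, osname


def dotransform(args):
    """Turn a Metasploit XML host export into Maltego service, MAC, hostname
    and operating-system entities.

    The entity's ``fromfile`` property names the Metasploit XML dump; the host
    is looked up by ``address`` and one service entity is emitted per
    ``host.services`` entry, typed by ``_service_entity_name``. When
    ``servicecount`` is zero or unparsable nothing is emitted.

    Fixes over the previous revision: ``hostservice.setValue`` was assigned a
    string instead of being called; the hostname check used the ``A-z`` range
    (which also matches ``[ \\ ] ^ _ `` `); a missing ``servicecount`` no longer
    raises; MAC/hostname/OS entities are emitted once rather than per service.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    fn = mt.getVar("fromfile")
    ip = mt.getVar("address")
    mac = mt.getVar("mac")
    osname = mt.getVar("osname")
    osfamily = mt.getVar("osfamily")
    machinename = mt.getVar("name")
    try:
        servicecount = int(mt.getVar("servicecount") or 0)
    except (TypeError, ValueError):
        servicecount = 0
    mdb = MetasploitXML(fn)
    if servicecount > 0:
        host = mdb.gethost(ip)
        for service in host.services:
            # getattr(..., default) is the same AttributeError fallback as before.
            servicename = getattr(service, "name", "NoName")
            serviceinfo = getattr(service, "info", None)
            entityname = _service_entity_name(servicename, serviceinfo,
                                              service.port, service.state)
            servicevalue = "{}/{}:{}".format(servicename, service.port,
                                             service.hostid)
            hostservice = mt.addEntity(entityname, servicevalue)
            # Was `hostservice.setValue = ...`, which replaced the method.
            hostservice.setValue(servicevalue)
            hostservice.addAdditionalFields("ip", "IP Address", True, ip)
            if servicename and servicename.lower() in _HTTP_SERVICE_NAMES:
                hostservice.addAdditionalFields("niktofile", "Nikto File",
                                                True, '')
            hostservice.addAdditionalFields("fromfile", "Source File", True,
                                            fn)
            hostservice.addAdditionalFields("service.name", "Service Name",
                                            True, servicename)
            if service.containsTag("info"):
                hostservice.addAdditionalFields("banner", "Banner", True,
                                                service.info)
                if servicename in _SMB_SERVICE_NAMES:
                    if "workgroup" in service.info.lower():
                        groupname = service.info.lower().split(
                            "workgroup:", 1)[-1].lstrip()
                        workgroup = mt.addEntity("maltego.Domain", groupname)
                        workgroup.setValue(groupname)
                        workgroup.addAdditionalFields("ip", "IP Address", True,
                                                      ip)
            else:
                hostservice.addAdditionalFields(
                    "banner", "Banner", True, "{}-No info".format(servicename))
            for etag in _ENTITY_TAGS:
                if etag in service.getTags():
                    hostservice.addAdditionalFields(etag, etag, True,
                                                    service.getVal(etag))

        # Host-level entities do not depend on the service, so they are
        # emitted once; Maltego merges same-type/same-value entities anyway.
        if mac:
            macentity = mt.addEntity("maltego.MacAddress", mac)
            macentity.setValue(mac)
            macentity.addAdditionalFields("ip", "IP Address", True, ip)
        # Only names starting with a letter become Hostname entities.
        if machinename and re.match(r"^[A-Za-z]+", machinename):
            hostentity = mt.addEntity("msploitego.Hostname", machinename)
            hostentity.setValue(machinename)
            hostentity.addAdditionalFields("ip", "IP Address", True, ip)
        osinfo = _os_entity(osname, osfamily)
        if osinfo:
            osentityname, osdescription = osinfo
            osentity = mt.addEntity(osentityname, osdescription)
            osentity.setValue(osdescription)
            osentity.addAdditionalFields("ip", "IP Address", True, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")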
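def dotransform(args):
    """Attach the contents of a loot file on disk to a ``msploitego.LootFile``
    entity.

    ``path`` comes from the incoming entity and is opened directly; the
    previous revision interpolated it into a ``cat`` command line, so an odd
    path value was handed to an external command. A path that cannot be read
    (missing, unreadable, a directory, undecodable) yields no entity, just as
    an empty ``cat`` output did, but the analyst is now told why.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    fn = mt.getValue()
    path = mt.getVar("path")

    details = ""
    if path:
        try:
            with open(path) as fh:
                details = fh.read()
        except (IOError, OSError, UnicodeDecodeError) as exc:
            mt.addUIMessage("could not read {}: {}".format(path, exc))
    if details:
        fileent = mt.addEntity("msploitego.LootFile", fn)
        fileent.setValue(fn)
        fileent.addAdditionalFields("details", "Details", False, details)
        fileent.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")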
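def dotransform(args):
    """Placeholder transform for a web-directory entity.

    Parses the arguments and returns an empty response; the entity
    construction is still commented out below. The input properties are read
    so the stub fails early if they are missing once it is completed.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # pprint() writes to stdout and returns None, so mt.debug() used to receive
    # None; repr() keeps the argument dump inside the debug message instead.
    mt.debug(repr(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    diry = mt.getValue()

    # Pending: emit the directory as a URL entity.
    # website = mt.addEntity("maltego.URL", "http://{}:{}{}".format(ip,port,diry))
    # website.setValue("http://{}:{}{}".format(ip,port,diry))
    # website.addAdditionalFields("dir", "Directory", False, diry)
    # website.addAdditionalFields("url", "URL", False, "http://{}:{}{}".format(ip,port,diry))
    # website.addAdditionalFields("ip", "IP Address", False, ip)
    # website.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()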
def dotransform(args):
    """Emit a ``msploitego.WebDirectoryInfo`` entity per ``http-sitemap-generator``
    script result, valued ``<script id>:<hostid>:<port>`` and carrying the raw
    script output plus the service/host/workspace identifiers of the input.

    Reports the host as down when the scan returns nothing.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    servicename = mt.getVar("servicename")
    serviceid = mt.getVar("serviceid")
    hostid = mt.getVar("hostid")
    workspace = mt.getVar("workspace")
    rep = scriptrunner(port, "http-sitemap-generator", ip)

    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
        mt.returnOutput()
        return

    # (field id, display name, matching-relevant, value), in emission order.
    shared_fields = (
        ("servicename", "Service Name", True, servicename),
        ("serviceid", "Service Id", True, serviceid),
        ("hostid", "Host Id", True, hostid),
        ("workspace", "Workspace", True, workspace),
        ("ip", "IP Address", False, ip),
        ("port", "Port", False, port),
    )
    for res in rep.hosts[0].services[0].scripts_results:
        label = "{}:{}:{}".format(res.get("id"), hostid, port)
        webdir = mt.addEntity("msploitego.WebDirectoryInfo", label)
        webdir.setValue(label)
        webdir.addAdditionalFields("data", "Data", True, res.get("output"))
        for field in shared_fields:
            webdir.addAdditionalFields(*field)
    mt.returnOutput()
def dotransform(args):
    """Collect ``ssh-auth-methods`` and ``ssh-hostkey`` (all key types) output
    as ``msploitego.RelevantInformation`` entities, one per script result,
    valued ``<script id>:<hostid>``.

    Reports the host as down when the scan returns nothing.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip, port, hostid = (mt.getVar(name) for name in ("ip", "port", "hostid"))
    rep = scriptrunner(port,
                       "ssh-auth-methods,ssh-hostkey",
                       ip,
                       scriptargs="ssh_hostkey=all")
    if not rep:
        mt.addUIMessage("host is either down or not responding in this port")
    else:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            infoentity = mt.addEntity("msploitego.RelevantInformation", label)
            infoentity.setValue(label)
            fields = (
                ("description", "Description", False, scriptrun.get("output")),
                ("ip", "IP Address", False, ip),
                ("port", "Port", False, port),
            )
            for field in fields:
                infoentity.addAdditionalFields(*field)
    mt.returnOutput()
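def dotransform(args):
    """List Metasploit loot records for a host as ``msploitego.MetasploitLoot``
    entities.

    Connection parameters (``db``, ``user``, ``password``) are read from the
    incoming entity and passed to ``MsploitPostgres``; the entity's ``id``
    property selects the loot rows. Every row column is copied onto the
    entity (dates as ``d/m/Y``) and the loot file's contents are attached when
    ``getFileContents`` can read its path.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    db = mt.getVar("db")
    user = mt.getVar("user")
    hostid = mt.getVar("id")
    # A missing property used to raise on .replace(); treat it as empty.
    password = (mt.getVar("password") or "").replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for loot in mpost.getLootforHost(hostid):
        # Prefer the loot name, fall back to its type so the entity has a label.
        label = "{}:{}".format(loot.get("name") or loot.get("ltype"), hostid)
        lootentity = mt.addEntity("msploitego.MetasploitLoot", label)
        lootentity.setValue(label)
        for k, v in loot.items():
            if isinstance(v, datetime):
                lootentity.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                lootentity.addAdditionalFields(k, k.capitalize(), False,
                                               str(v))
        lootpath = loot.get("path")
        if lootpath:
            filecontents = getFileContents(lootpath)
            if filecontents:
                lootentity.addAdditionalFields("details", "Details", False,
                                               "".join(filecontents))
        # NOTE(review): the database credentials are copied onto every loot
        # entity, apparently so downstream transforms can reuse them; that also
        # persists the password in the saved graph. A transform setting would
        # avoid that.
        lootentity.addAdditionalFields("user", "User", False, user)
        lootentity.addAdditionalFields("password", "Password", False, password)
        lootentity.addAdditionalFields("db", "db", False, db)
        lootentity.addAdditionalFields("ip", "IP Address", False, ip)
    mt.returnOutput()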
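def dotransform(args):
    """Run nmap's FTP vulnerability and anonymous-login NSE scripts against
    ``ip:port`` and emit one ``msploitego.FTPVulnerability`` entity per script
    result, valued ``<script id>:<hostid>``.

    The ``rep`` guard and "host down" message match the sibling transforms;
    an empty report previously failed on ``rep.hosts[0]``.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(
        port,
        "ftp-vuln-cve2010-4221,ftp-vsftpd-backdoor,ftp-anon,ftp-libopie,ftp-proftpd-backdoor",
        ip)

    if rep:
        for scriptrun in rep.hosts[0].services[0].scripts_results:
            label = "{}:{}".format(scriptrun.get("id"), hostid)
            vulnentity = mt.addEntity("msploitego.FTPVulnerability", label)
            vulnentity.setValue(label)
            vulnentity.addAdditionalFields("description", "Description", False,
                                           scriptrun.get("output"))
            vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
            vulnentity.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()
    mt.addUIMessage("completed!")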
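def dotransform(args):
    """Record a Metasploit module result for ``ip:port`` as a
    ``msploitego.Hacked`` entity valued ``<module>:<ip>:<port>``.

    The previous format string had two placeholders for three arguments, so
    the port was silently dropped from the entity value; it is now part of the
    value and also exposed as a ``port`` property like the sibling transforms.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    module = mt.getValue()

    label = "{}:{}:{}".format(module, ip, port)
    falsepos = mt.addEntity("msploitego.Hacked", label)
    falsepos.setValue(label)
    falsepos.addAdditionalFields("ip", "IP Address", False, ip)
    falsepos.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()
    mt.addUIMessage("completed!")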
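def dotransform(args):
    """Look up Metasploit modules for the MS-bulletin and CVE identifiers
    found in the vulnerability entity's value.

    Each identifier is searched with ``msfconsole`` and every result line that
    carries a rank becomes a ``msploitego.MetasploitModule`` entity (module
    path as value, rank and description as properties). Only the
    regex-matched identifier reaches the command line, which keeps the quoted
    argument to a fixed alphabet.

    Fixes over the previous revision: the rank pattern was a non-raw string,
    so ``\\b`` was a backspace and the ``low`` rank never matched; the two
    copies of the search loop are merged and both now record the IP.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("address")
    vuln = mt.getValue()
    msreg = re.compile(r"ms[0-9]{2}-[0-9]{3}", re.I)
    cvereg = re.compile(r"cve[-]*[0-9]{3,4}-[0-9]{3,4}", re.I)
    rankreg = re.compile(r"normal|manual|great|average|excellent|good|\blow\b")

    for ident in msreg.findall(vuln) + cvereg.findall(vuln):
        bashlog = bashrunner("msfconsole -qx 'search {}; exit -y'".format(ident))
        for line in bashlog:
            match = rankreg.search(line)
            if not match:
                continue
            rank = match.group(0)
            # The search table is column-aligned with runs of 2+ spaces.
            columns = re.split(" {2,}", line.lstrip())
            msfentity = mt.addEntity("msploitego.MetasploitModule", columns[0])
            msfentity.setValue(columns[0])
            msfentity.addAdditionalFields("rank", "Rank", False, rank)
            msfentity.addAdditionalFields("details", "Details", False, columns[-1])
            msfentity.addAdditionalFields("ip", "IP Address", False, ip)

    mt.returnOutput()
    mt.addUIMessage("completed!")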
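def dotransform(args):
    """Emit one ``maltego.Alias`` per user name reported by the
    ``smtp-enum-users`` NSE script, tagged with the source IP and port.

    Blank names (a trailing comma or empty output) are skipped instead of
    producing an empty alias, and a missing report is reported as a down host
    like the sibling transforms rather than failing on ``rep.hosts[0]``.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "smtp-enum-users", ip)

    if rep:
        for res in rep.hosts[0].services[0].scripts_results:
            output = res.get("output") or ""
            for raw in output.split(","):
                username = raw.strip()
                if not username:
                    continue
                userentity = mt.addEntity("maltego.Alias", username)
                userentity.setValue(username)
                userentity.addAdditionalFields("sourceip", "Source IP", False, ip)
                userentity.addAdditionalFields("sourceport", "Source Port", False,
                                               port)
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()
    mt.addUIMessage("completed!")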
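def _ascii_name(text):
    """NFKD-normalise ``text`` and drop anything outside ASCII.

    NOTE(review): ``str.encode`` returns ``bytes`` on Python 3, where the
    str-pattern regex and ``format()`` calls below would misbehave; this
    module appears to target Python 2 — confirm before porting.
    """
    return unicodedata.normalize("NFKD", text).encode('ascii', 'ignore')


def dotransform(args):
    """Enumerate the top level of each non-special SMB share on a host.

    Emits a ``msploitego.SambaShare`` entity per directory and a
    ``msploitego.SambaFile`` per file found under ``sambapath`` (default
    ``/``), skipping the ``.``/``..`` entries and the ``NETLOGON``/``SYSVOL``
    shares. The connection is now closed even when listing fails.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    # pprint() writes to stdout and returns None, so mt.debug() used to receive
    # None; repr() keeps the argument dump inside the debug message instead.
    mt.debug(repr(args))
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    server = mt.getVar("server")
    workgroup = mt.getVar("workgroup")
    path = mt.getVar("sambapath") or "/"
    domaindns = mt.getVar("domain_dns")

    # NOTE(review): the SMB login is a fixed admin/admin pair while the
    # ``account_used`` property the old code read is never applied; the
    # sibling share-listing transform authenticates with empty credentials.
    # Credentials belong in a transform setting rather than in source.
    conn = SMBConnection('admin', 'admin', "localhost", server,
                         domain=workgroup, use_ntlm_v2=True,
                         is_direct_tcp=True)
    conn.connect(ip, int(port))
    dots = re.compile(r"^\.{1,2}$")
    try:
        for share in conn.listShares():
            if share.isSpecial or share.name in ['NETLOGON', 'SYSVOL']:
                continue
            sharename = _ascii_name(share.name)
            for entry in conn.listPath(share.name, path):
                filename = _ascii_name(entry.filename)
                if entry.isDirectory:
                    if dots.match(filename):
                        continue
                    entityname = "msploitego.SambaShare"
                    # Directories keep a trailing slash, as before.
                    newpath = "{}/{}/".format(path, filename)
                else:
                    entityname = "msploitego.SambaFile"
                    newpath = "{}/{}".format(path, filename)
                label = "{}/{}/{}".format(ip, sharename, filename)
                sambaentity = mt.addEntity(entityname, label)
                sambaentity.setValue(label)
                sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
                sambaentity.addAdditionalFields("port", "Port", False, port)
                sambaentity.addAdditionalFields("server", "Server", False, server)
                sambaentity.addAdditionalFields("workgroup", "Workgroup", False,
                                                workgroup)
                sambaentity.addAdditionalFields("filename", "Filename", False,
                                                filename)
                sambaentity.addAdditionalFields("path", "Path", False, newpath)
                sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
                sambaentity.addAdditionalFields("domain_dns", "Domain DNS", False,
                                                domaindns)
                sambaentity.addAdditionalFields("sharename", "Share Name", False,
                                                sharename)
    finally:
        conn.close()

    mt.returnOutput()
    mt.addUIMessage("completed!")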
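def dotransform(args):
    """List one directory of an SMB share as Maltego entities.

    Opens an SMB session with empty credentials, lists ``path`` on
    ``sharename`` and emits a ``msploitego.SambaShare`` per sub-directory and
    a ``msploitego.SambaFile`` per file, skipping ``.``/``..``. The connection
    is now closed in a ``finally`` so a failing ``listPath`` no longer leaks it.

    NOTE(review): ``str.encode`` returns ``bytes`` on Python 3, where the
    str-pattern regex and ``format()`` calls would misbehave; this module
    appears to target Python 2 — confirm before porting.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    server = mt.getVar("server")
    workgroup = mt.getVar("workgroup")
    path = mt.getVar("path")
    domaindns = mt.getVar("domain_dns")
    sharename = mt.getVar("sharename")

    conn = SMBConnection('',
                         '',
                         "localhost",
                         server,
                         domain=workgroup,
                         use_ntlm_v2=True,
                         is_direct_tcp=True)
    conn.connect(ip, int(port))
    dots = re.compile(r"^\.{1,2}$")
    try:
        for entry in conn.listPath(sharename, path):
            filename = unicodedata.normalize("NFKD", entry.filename).encode(
                'ascii', 'ignore')
            if entry.isDirectory:
                if dots.match(filename):
                    continue
                entityname = "msploitego.SambaShare"
            else:
                entityname = "msploitego.SambaFile"
            newpath = "{}/{}".format(path, filename)
            label = "{}/{}{}".format(ip, sharename, newpath)
            sambaentity = mt.addEntity(entityname, label)
            sambaentity.setValue(label)
            sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
            sambaentity.addAdditionalFields("port", "Port", False, port)
            sambaentity.addAdditionalFields("server", "Server", False, server)
            sambaentity.addAdditionalFields("workgroup", "Workgroup", False,
                                            workgroup)
            sambaentity.addAdditionalFields("filename", "Filename", False,
                                            filename)
            sambaentity.addAdditionalFields("path", "Path", False, newpath)
            sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
            sambaentity.addAdditionalFields("domain_dns", "Domain DNS", False,
                                            domaindns)
            sambaentity.addAdditionalFields("sharename", "Share Name", False,
                                            sharename)
    finally:
        conn.close()
    mt.returnOutput()
    mt.addUIMessage("completed!")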
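def dotransform(args):
    """Run the ``dns-nsid`` NSE script (TCP+UDP) against ``ip:port`` and emit
    a ``msploitego.dnsnsid`` entity valued ``<script id>:<hostid>`` per result
    that has a script id.

    The loop variable no longer shadows the ``id`` builtin, and a missing
    report is reported as a down host like the sibling transforms instead of
    failing on ``rep.hosts[0]``.

    Args:
        args: raw transform arguments for ``MaltegoTransform.parseArguments``.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "dns-nsid", ip, args="-sSU")

    if rep:
        for res in rep.hosts[0].services[0].scripts_results:
            script_id = res.get("id")
            if not script_id:
                continue
            label = "{}:{}".format(script_id, hostid)
            dnsnsid = mt.addEntity("msploitego.dnsnsid", label)
            dnsnsid.setValue(label)
    else:
        mt.addUIMessage("host is either down or not responding in this port")

    mt.returnOutput()
    mt.addUIMessage("completed!")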
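def dotransform(args):
    """Enumerate Windows services via nmap ``smb-enum-services`` and emit one
    ``maltego.Service`` entity per service block found.

    Reads ``ip``, ``port`` and ``hostid`` from the incoming entity.  Each
    block of the script output (as split by ``bucketparser``) becomes an
    entity whose value is ``<Header>:<hostid>`` with ``displayname``, ``ip``
    and ``port`` as additional fields.  A host that is not ``up`` only
    produces a UI message.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    rep = scriptrunner(port, "smb-enum-services", ip)

    host = rep.hosts[0]
    if host.status == "up":
        # Raw string: ``\s`` inside a plain literal is an invalid escape on
        # Python 3 (DeprecationWarning now, SyntaxError later).  Compiled once
        # instead of once per script result.
        service_line = re.compile(r"^\s\s[a-zA-Z0-9_.-]+")
        for res in host.services[0].scripts_results:
            # A result without output has nothing for bucketparser to split.
            output = (res.get("output") or "").split("\n")
            for item in bucketparser(service_line, output):
                value = "{}:{}".format(item.get("Header"), hostid)
                serviceent = mt.addEntity("maltego.Service", value)
                serviceent.setValue(value)
                serviceent.addAdditionalFields("displayname", "Service Name",
                                               False, item.get("Display_name"))
                serviceent.addAdditionalFields("ip", "IP Address", False, ip)
                serviceent.addAdditionalFields("port", "Port", False, port)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")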
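def dotransform(args):
    """List Metasploit sessions for every host in the given database and emit
    one ``msploitego.MeterpreterSession`` entity per row.

    The entity value is the database name; ``user`` and ``password`` come
    from the entity's fields.  Backslashes are stripped from the password
    before use (presumably undoing Maltego's escaping of the stored field).

    Security note: ``user``, ``password`` and ``db`` are copied onto every
    emitted entity so downstream transforms can reach the database again.
    That means the Postgres credential is persisted in the Maltego graph
    (and in any export of it) -- treat saved graphs as sensitive.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    db = mt.getValue()
    user = mt.getVar("user")
    raw_password = mt.getVar("password")
    if raw_password is None:
        # getVar presumably returns None for a missing field; report that
        # instead of failing on None.replace().
        mt.addUIMessage("password field missing on entity!")
        mt.returnOutput()
        return
    password = raw_password.replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for session in mpost.getForAllHosts("sessions"):
        session_id = str(session.get("id"))
        sessionentity = mt.addEntity("msploitego.MeterpreterSession", session_id)
        sessionentity.setValue(session_id)
        for k, v in session.items():
            if isinstance(v, datetime):
                # Unpadded day/month/year, as the rest of the file formats dates.
                sessionentity.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                sessionentity.addAdditionalFields(k, k.capitalize(), False, str(v))
        sessionentity.addAdditionalFields("user", "User", False, user)
        sessionentity.addAdditionalFields("password", "Password", False, password)
        sessionentity.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
    mt.addUIMessage("completed!")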
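def dotransform(args):
    """Re-emit the incoming link as a ``msploitego.SiteURL`` entity.

    Only ``namelink`` (used as the entity value), ``ip`` and ``port`` are
    read; the ``hostid`` and ``uri`` fields the original fetched were never
    used and are no longer looked up.  Unlike the similar transform further
    down in this file, no ``completed!`` UI message is added here.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    namelink = mt.getVar("namelink")

    urlent = mt.addEntity("msploitego.SiteURL", namelink)
    urlent.setValue(namelink)
    urlent.addAdditionalFields("ip", "IP Address", False, ip)
    urlent.addAdditionalFields("port", "Port", False, port)
    mt.returnOutput()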
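def dotransform(args):
    """Run nmap ``http-phpself-xss`` and ``http-stored-xss`` and emit one
    ``msploitego.XSSVulnerability`` entity per element of the results.

    Reads ``ip`` and ``port`` from the incoming entity.  Every entry of a
    script result's ``elements`` table becomes an entity named after that
    element's ``title``; the script ``id`` and raw ``output`` are attached as
    ``vulnid``/``description`` and each non-empty element field is copied
    over as an additional field.  A host that is not ``up`` only produces a
    UI message.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "http-phpself-xss,http-stored-xss", ip)

    host = rep.hosts[0]
    if host.status == "up":
        for res in host.services[0].scripts_results:
            elements = res.get("elements")
            if not elements:
                continue
            for elem in elements.values():
                title = elem.get("title")
                vulnentity = mt.addEntity("msploitego.XSSVulnerability", title)
                # The original set the value from res.get("title"); the result
                # dict is only ever read for id/output/elements in this file,
                # so the element's title is used for the value as well.
                vulnentity.setValue(title)
                vulnentity.addAdditionalFields("vulnid", "Vuln ID", False, res.get("id"))
                vulnentity.addAdditionalFields("description", "Description", False, res.get("output"))
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in elem.items():
                    # Guard None too, as the sibling transforms do; a missing
                    # field must not abort the whole run.
                    if v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")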
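def dotransform(args):
    """Run nmap ``rdp-vuln-ms12-020`` and emit one ``msploitego.RDPVulnerability``
    entity per block of the script output, skipping the bare ``VULNERABLE``
    marker block.

    Reads ``ip`` and ``port`` from the incoming entity.  Each block's header
    becomes the entity value; a ``Details`` entry (presumably a list of
    lines from ``bucketparser``) is joined with newlines, every other
    non-empty entry is copied over as an additional field.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(port, "rdp-vuln-ms12-020", ip)

    host = rep.hosts[0]
    if host.status == "up":
        # Raw string (``\s`` is an invalid escape in a plain Python 3 literal);
        # compiled once rather than per script result.
        block_header = re.compile(r"\s{2}[A-Za-z]+")
        for scriptrun in host.services[0].scripts_results:
            output = (scriptrun.get("output") or "").split("\n")
            # ``bucket`` rather than re-using ``res`` for the inner loop, which
            # shadowed the outer script result.
            for bucket in bucketparser(block_header, output):
                header = bucket.get("Header")
                if header == "VULNERABLE":
                    # The state marker is not a finding of its own.
                    continue
                vulnentity = mt.addEntity("msploitego.RDPVulnerability", header)
                vulnentity.setValue(header)
                vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
                vulnentity.addAdditionalFields("port", "Port", False, port)
                for k, v in bucket.items():
                    if k == "Details":
                        vulnentity.addAdditionalFields("details", k, False, "\n".join(v))
                    elif v and v.strip():
                        vulnentity.addAdditionalFields(k, k.capitalize(), False, v)
    else:
        mt.addUIMessage("host is {}!".format(host.status))
    mt.returnOutput()
    mt.addUIMessage("completed!")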
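def dotransform(args):
    """Run the FTP nmap checks (CVE-2010-4221, vsftpd/proftpd backdoors,
    anonymous login, libopie) and emit one ``msploitego.FTPVulnerability``
    entity per script result.

    Reads ``ip`` and ``port`` from the incoming entity.  Note that a result
    is emitted for every script that produced output, whether or not it
    reported a finding -- the ``description`` field (raw script output) has
    to be read to tell.  A host that is not ``up`` only produces a UI
    message.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    rep = scriptrunner(
        port,
        "ftp-vuln-cve2010-4221,ftp-vsftpd-backdoor,ftp-anon,ftp-libopie,ftp-proftpd-backdoor",
        ip)

    host = rep.hosts[0]
    if host.status == "up":
        for scriptrun in host.services[0].scripts_results:
            scriptid = scriptrun.get("id")
            if not scriptid:
                # Nothing to name the entity after; same guard the dns-nsid
                # transform applies.
                continue
            if scriptid.lower() == "ftp-vuln-cve2010-4221":
                # Normalise to the CVE identifier for the entity value.
                scriptid = "cve-2010-4221"
            vulnentity = mt.addEntity("msploitego.FTPVulnerability", scriptid)
            vulnentity.setValue(scriptid)
            vulnentity.addAdditionalFields("description", "Description", False, scriptrun.get("output"))
            vulnentity.addAdditionalFields("ip", "IP Address", False, ip)
            vulnentity.addAdditionalFields("port", "Port", False, port)
    else:
        # Do not index into services[] of a host that did not answer.
        mt.addUIMessage("host is {}!".format(host.status))

    mt.returnOutput()
    mt.addUIMessage("completed!")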
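def dotransform(args):
    """Run the Apache/HTTP nmap checks and emit one
    ``msploitego.ApacheVulnerability`` entity per script result.

    Reads ``ip``, ``port`` and ``hostid`` from the incoming entity.  Entity
    value is ``<script id>:<hostid>``.  Top-level string entries of the
    result's ``elements`` table become additional fields; a nested table is
    recorded as a ``vuln`` field named after its key, followed by its own
    non-empty entries.  ``inheritvalues`` is a project helper (presumably
    copying the parent entity's fields onto the new one).
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    # No trailing whitespace in the script list: the original ended with
    # "cve2017-5638 ", which nmap would not necessarily trim.
    rep = scriptrunner(
        port,
        "http-apache-negotiation,http-apache-server-status,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2017-5638",
        ip)

    if rep:
        for res in rep.hosts[0].services[0].scripts_results:
            ent_value = "{}:{}".format(res.get("id"), hostid)
            apachevuln = mt.addEntity("msploitego.ApacheVulnerability", ent_value)
            apachevuln.setValue(ent_value)
            # Field *names* are the fixed keys "ip"/"hostid", as every other
            # transform in this file uses.  The original passed the values as
            # the names, so a downstream getVar("ip") could not find them.
            apachevuln.addAdditionalFields("ip", "IP Address", False, ip)
            apachevuln.addAdditionalFields("hostid", "Host Id", False, hostid)
            inheritvalues(apachevuln, mt.values)
            # A result without an elements table has no fields to copy.
            for k, v in (res.get("elements") or {}).items():
                if isinstance(v, dict):
                    apachevuln.addAdditionalFields("vuln", "Vuln", False, k)
                    for key, value in v.items():
                        if value and value.strip():
                            apachevuln.addAdditionalFields(
                                key, key.capitalize(), False, value.strip())
                elif v and v.strip():
                    apachevuln.addAdditionalFields(k, k.capitalize(), False,
                                                   v.strip())
    else:
        mt.addUIMessage("host is either down or not responding in this port")
    mt.returnOutput()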
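def dotransform(args):
    """List one level of an SMB share over an anonymous session and emit a
    ``msploitego.SambaShare`` (directory) or ``msploitego.SambaFile`` entity
    per entry, or a single ``msploitego.AccessDenied`` entity if the share
    cannot be listed.

    Reads ``ip``, ``port``, ``hostid``, ``server`` (falling back to
    ``machinename``), ``workgroup`` (default ``WORKGROUP``), ``path``,
    ``domain_dns`` and ``sharename`` from the incoming entity.  Entity value
    is ``<ip>/<sharename><path>/<filename>``.

    Security note: the connection is made with empty user and password (a
    null session) using NTLMv2, so it only sees what the server exposes to
    anonymous clients.  ``.`` and ``..`` are skipped; file names are reduced
    to ASCII so they pass through the entity XML untouched.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getVar("ip")
    port = mt.getVar("port")
    hostid = mt.getVar("hostid")
    server = mt.getVar("server") or mt.getVar("machinename")
    workgroup = mt.getVar("workgroup") or "WORKGROUP"
    path = mt.getVar("path")
    domaindns = mt.getVar("domain_dns")
    sharename = mt.getVar("sharename")

    # Raw string: ``\.`` inside a plain literal is an invalid escape on Python 3.
    dot_entries = re.compile(r"^\.{1,2}$")
    conn = SMBConnection('', '', "localhost", server, domain=workgroup, use_ntlm_v2=True)
    try:
        conn.connect(ip, int(port))
        try:
            files = conn.listPath(sharename, path)
        except NotReadyError:
            # Presumably raised when the anonymous session was not
            # authenticated; surfaced as an AccessDenied entity rather than a
            # transform failure.  Other pysmb errors (e.g. a share the null
            # session may not list) are not caught here and abort the run.
            accessdenied = mt.addEntity("msploitego.AccessDenied", sharename)
            accessdenied.setValue(sharename)
        else:
            for entry in files:
                # NFKD + ASCII-ignore drops anything non-ASCII; the trailing
                # .decode keeps the result text on Python 3 (bytes would not
                # match a str regex below) and is a no-op for the content.
                filename = unicodedata.normalize("NFKD", entry.filename).encode('ascii', 'ignore').decode('ascii')
                if entry.isDirectory:
                    if dot_entries.match(filename):
                        continue
                    entityname = "msploitego.SambaShare"
                else:
                    entityname = "msploitego.SambaFile"
                newpath = "{}/{}".format(path, filename)
                ent_value = "{}/{}{}".format(ip, sharename, newpath)
                sambaentity = mt.addEntity(entityname, ent_value)
                sambaentity.setValue(ent_value)
                sambaentity.addAdditionalFields("ip", "IP Address", False, ip)
                sambaentity.addAdditionalFields("port", "Port", False, port)
                sambaentity.addAdditionalFields("server", "Server", False, server)
                sambaentity.addAdditionalFields("workgroup", "Workgroup", False, workgroup)
                sambaentity.addAdditionalFields("filename", "Filename", False, filename)
                sambaentity.addAdditionalFields("path", "Path", False, newpath)
                sambaentity.addAdditionalFields("hostid", "Hostid", False, hostid)
                if domaindns:
                    sambaentity.addAdditionalFields("domain_dns", "Domain DNS", False, domaindns)
                sambaentity.addAdditionalFields("sharename", "Share Name", False, sharename)
    finally:
        # Release the socket even when connect() or listPath() raised
        # something the except above does not handle.
        conn.close()
    mt.returnOutput()
    mt.addUIMessage("completed!")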
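def dotransform(args):
    """Emit one ``maltego.Vulnerability`` entity per ``vulns`` row stored for
    the host whose address is the incoming entity's value.

    Reads ``id`` (used as ``hostid``), ``db``, ``user`` and ``password``
    from the entity.  Backslashes are stripped from the password before use
    (presumably undoing Maltego's escaping of the stored field).

    Entity value is ``<vuln name>:<hostid>``; every non-empty row column is
    copied over as an additional field (dates as unpadded d/m/y), plus
    ``ip`` (with its third argument True, the other fields pass False),
    ``user`` and ``db``.  The password is not copied onto the output
    entities, so it does not end up in the graph from here.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    ip = mt.getValue()
    hostid = mt.getVar("id")

    db = mt.getVar("db")
    user = mt.getVar("user")
    raw_password = mt.getVar("password")
    if raw_password is None:
        # getVar presumably returns None for a missing field; report that
        # instead of failing on None.replace().
        mt.addUIMessage("password field missing on entity!")
        mt.returnOutput()
        return
    password = raw_password.replace("\\", "")
    mpost = MsploitPostgres(user, password, db)
    for vuln in mpost.getforHost(ip, "vulns"):
        ent_value = "{}:{}".format(vuln.get("name"), hostid)
        vulnentity = mt.addEntity("maltego.Vulnerability", ent_value)
        vulnentity.setValue(ent_value)
        vulnentity.addAdditionalFields("ip", "IP Address", True, ip)
        for k, v in vuln.items():
            if isinstance(v, datetime):
                vulnentity.addAdditionalFields(
                    k, k.capitalize(), False,
                    "{}/{}/{}".format(v.day, v.month, v.year))
            elif v and str(v).strip():
                vulnentity.addAdditionalFields(k, k.capitalize(), False, str(v))
        vulnentity.addAdditionalFields("user", "User", False, user)
        vulnentity.addAdditionalFields("db", "db", False, db)
    mt.returnOutput()
    mt.addUIMessage("completed!")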
def dotransform(args):
    """Wrap the incoming ``namelink`` in a ``msploitego.SiteURL`` entity,
    carrying the source ``ip`` and ``port`` along as additional fields.

    ``hostid`` and ``uri`` are read from the entity as well but do not
    appear in the output.
    """
    mt = MaltegoTransform()
    mt.parseArguments(args)
    fields = {name: mt.getVar(name) for name in ("ip", "port", "hostid", "uri")}
    link = mt.getVar("namelink")

    site = mt.addEntity("msploitego.SiteURL", link)
    site.setValue(link)
    for key, label in (("ip", "IP Address"), ("port", "Port")):
        site.addAdditionalFields(key, label, False, fields[key])
    mt.returnOutput()
    mt.addUIMessage("completed!")